ISO 27001
ISO27001
Implementation
296Evidence
448A compact standards-first map for ISO 27001, ISO 27002, ISO 27005, controls, risk notes, templates, evidence packs, and graph relationships.
Static knowledge map
The public tree uses the explicit research taxonomy as the canonical navigation layer. The generated graph still powers relationship data, but raw graph paths are kept as diagnostics instead of becoming the user interface.
Relationship map
This map aggregates generated note-to-note edges into implementation, evidence, audit, and risk lanes. It is a navigation aid, not an audit assertion.
Standards
4
Active public frameworks
Domains
22
Taxonomy-defined areas
Resources
852
Published notes in scope
Signals
1857
Deduped graph relationships
Static graph map
This is a build-time view of the compliance graph. It keeps the public page crawlable and avoids a live graph runtime while still showing the shape of the knowledge base.
Scope
Standards define the public navigation boundary.
Structure
Taxonomy groups notes before graph relationships are shown.
Edges
Generated graph edges connect notes by useful work type.
Output
The map should lead to work products, not abstract graph art.
Active public frameworks
Taxonomy-defined areas
Published notes in scope
Deduped graph relationships
Implementation
Guide and template notes that implement controls or domains.
Evidence
Controls and guides connected to evidence packs or proof records.
Audit
Audit checklists and review material linked to control work.
Risk
Risk scenarios connected to treatments and controls.
ISO 27001
Implementation
296Evidence
448ISO 27002
Implementation
296Evidence
437ISO 27005
GDPR
Framework crosswalk
This matrix is generated from the current taxonomy. It shows where each framework has guidance, controls, evidence, templates, crosswalks, and risk material. Counts are coverage signals, not proof that frameworks are interchangeable.
Current strongest bridge
ISO 27001 has 6 crosswalk resources.
| Framework | Guidance Explain | Controls Operate | Evidence Prove | Templates Implement | Crosswalks Map | Risk Treat |
|---|---|---|---|---|---|---|
| ISO 27001 9 domains / 442 notes | 91 Guidance Top: Implementation Guides | 149 Controls Top: Audit Evidence | 59 Evidence Top: Audit Evidence | 59 Templates Top: Audit Evidence | 6 Crosswalks Top: Risk & crosswalks | 0 Risk No mapped resources |
| ISO 27002 4 domains / 384 notes | 7 Guidance Top: Overview & attributes | 154 Controls Top: Control interpretation | 59 Evidence Top: Templates & evidence | 59 Templates Top: Templates & evidence | 3 Crosswalks Top: Crosswalks | 0 Risk No mapped resources |
| ISO 27005 3 domains / 19 notes | 0 Guidance No mapped resources | 0 Controls No mapped resources | 0 Evidence No mapped resources | 0 Templates No mapped resources | 1 Crosswalks Top: ISO27001 links | 18 Risk Top: Risk scenarios |
| GDPR 6 domains / 7 notes | 6 Guidance Top: Scope & roles | 0 Controls No mapped resources | 0 Evidence No mapped resources | 0 Templates No mapped resources | 1 Crosswalks Top: Accountability & governance | 0 Risk No mapped resources |
9 domains / 442 notes
4 domains / 384 notes
3 domains / 19 notes
6 domains / 7 notes
Framework explorer
Active
ISMS requirements, Annex A control domains, implementation guidance, evidence packs, and audit-ready templates.
Active
Implementation-oriented control guidance, attributes, mappings, and control interpretation references.
Active
Information security risk management notes and links between risk scenarios, controls, treatment, and evidence.
Active
EU personal-data protection requirements translated into processing decisions, engineering controls, operating evidence, and accountable governance.
Roadmap
Roadmap area for trust-service criteria, evidence mapping, and ISO/NIS2 crosswalks.
Roadmap
Roadmap area for EU NIS2 transposition tracking, entity scope, obligations, and ISO/SOC 2 mappings.
ISO 27001
ISMS requirements, Annex A control domains, implementation guidance, evidence packs, and audit-ready templates.
Taxonomy
9 domains
Published resources
442 notes
Graph contains edges
442
Start here for the ISMS model, Statement of Applicability, policy structure, roles, and core implementation concepts.
The management-system clauses that define context, leadership, planning, support, operations, evaluation, and improvement.
A.5 controls for governance, policies, suppliers, incidents, business continuity, legal requirements, and information handling.
A.6 controls for screening, employment terms, awareness, disciplinary process, termination, confidentiality, remote work, and reporting.
A.7 controls for physical perimeters, entry, secure areas, monitoring, environmental threats, equipment placement, and clear desk/screen.
Practitioner guidance for turning ISO requirements into implementation plans, operating artifacts, and control ownership.
Evidence packs, audit questions, implementation proof, registers, and records that help prove controls are operating.
Risk treatment, ISO 27005 links, GRC mappings, control relationships, and cross-framework translation notes.
Study notes and control distinction cues for ISO 27001, ISO 27002, and ISO 27005 learning paths.
ISO 27002
Implementation-oriented control guidance, attributes, mappings, and control interpretation references.
Taxonomy
4 domains
Published resources
384 notes
Graph contains edges
384
ISO 27002 orientation, control attributes, and evidence-oriented interpretation notes.
Control-by-control implementation meaning across organizational, people, and physical control families.
Templates, evidence packs, and proof patterns that support ISO 27002-aligned control implementation.
Mappings that connect ISO 27002 control guidance to ISO 27001, risk treatment, and audit evidence.
ISO 27005
Information security risk management notes and links between risk scenarios, controls, treatment, and evidence.
Taxonomy
3 domains
Published resources
19 notes
Graph contains edges
19
The ISO 27005 risk-management flow: context, assessment, treatment, communication, monitoring, and review.
Risk knowledge-base entries, GRC data-model notes, and scenario-driven control/evidence relationships.
Crosswalks that connect ISO 27005 risk treatment to ISO 27001 controls, implementation work, and audit evidence.
GDPR
EU personal-data protection requirements translated into processing decisions, engineering controls, operating evidence, and accountable governance.
Taxonomy
6 domains
Published resources
7 notes
Graph contains edges
7
Material scope, territorial reach, personal-data concepts, and the controller, processor, representative, and DPO roles.
Purpose limitation, data minimization, lawful bases, consent, special-category data, retention, and processing changes.
Privacy notices, access, rectification, erasure, restriction, portability, objection, and request handling.
Records of processing, privacy by design, DPIAs, ownership, evidence, training, review, and ISO 27001 alignment.
Risk-based security, personal-data breach assessment, notification decisions, evidence, and response readiness.
Processor due diligence and contracts, subprocessors, international transfers, safeguards, and exit evidence.
Generated
2026-07-12
Framework nodes
4
Note nodes
803
Contains edges
852